bsdriver.sys - Help Required! [Closed]

rumzie

Hello,

 

My system has been invaded by the bsdriver.sys virus. Could someone guide me through the removal process and help get it out of my system asap? My browsers open up random pop-ups on almost every click!

 

I downloaded the FRST tool and attached are the FRST and addition text docs.

Attached files: Addition.txt (51.61KB), FRST.txt (78.33KB)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by ramya_000 (administrator) on MITI (14-12-2015 15:50:38)
Running from C:\Users\ramya_000\Desktop
Loaded Profiles: ramya_000 (Available Profiles: ramya_000)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Unified Functional Testing\bin\HP.UFT.HelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
() C:\Users\ramya_000\AppData\Local\Temp\nsn547B.tmp
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\sarconsogulpe\sarconsogulpe.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898768 2012-07-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [641504 2015-08-21] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Pro\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [popup] => C:\windows\SysWOW64\MyTrayApp.exe [14336 2015-09-09] (Microsoft)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Run: [Dropbox Update] => C:\Users\ramya_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Run: [ssn] => C:\Users\ramya_000\AppData\Roaming\ssn\updssn.exe
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Run: [Birds] => C:\Users\ramya_000\AppData\Local\Birds\birds365.exe
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\RunOnce: [Uninstall C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\RunOnce: [Uninstall C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\RunOnce: [Uninstall C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\RunOnce: [Uninstall C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\RunOnce: [Uninstall C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\RunOnce: [Uninstall C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
ShellExecuteHooks: ShHook Class - {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\Windows\System32\ShellHook.dll [226816 2014-07-07] (Hewlett-Packard Development Company, L.P.)
ShellExecuteHooks-x32: ShHook Class - {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\Windows\SysWOW64\ShellHook.dll [187064 2014-07-07] (Hewlett-Packard Development Company, L.P.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-05-26]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\ramya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ramya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-05-09]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (All) ===========================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [67072 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [87040 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [87040 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\NLAapi.dll [79872 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [31744 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [62976 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [364384 2015-07-10] (Microsoft Corporation)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4929f353-f4c5-46b6-8fde-395e494ab86e}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{702d7227-05de-4e94-b543-c94f4bbf9d40}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{dc6d09d4-2a94-4e41-b474-106f6c3bf3f8}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = www.gsn.com;www.worldwinner.com
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {20F2F4C9-B8AC-406F-9B81-8C4285B7D98B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {20F2F4C9-B8AC-406F-9B81-8C4285B7D98B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {48B0168F-1A7C-46C5-B55F-C1FD21F56122} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {20F2F4C9-B8AC-406F-9B81-8C4285B7D98B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 -> {20F2F4C9-B8AC-406F-9B81-8C4285B7D98B} URL = 
SearchScopes: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002 -> {881D77C9-BCF3-4336-A279-FF0B1F57E159} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151206&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: BHOManager Class -> {474264BC-9571-47C1-85B9-780F756DC9CE} -> C:\Program Files (x86)\HP\Unified Functional Testing\bin64\BHOManager.dll [2014-07-07] (Hewlett-Packard Development Company, L.P.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Its Results Hub -> {2a361efd-fb26-4d2c-82ef-2535d46b8c07} -> C:\Program Files (x86)\Its Results Hub\Extensions\2a361efd-fb26-4d2c-82ef-2535d46b8c07.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: BHOManager Class -> {474264BC-9571-47C1-85B9-780F756DC9CE} -> C:\WINDOWS\SysWow64\BHOManager.dll [2014-07-07] (Hewlett-Packard Development Company, L.P.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: TopArcadeHits Games -> {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} -> C:\Users\ramya_000\AppData\Local\TopArcadeHits\Toparcadehits.dll => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2015-07-10] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2015-07-10] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - C:\Program Files (x86)\HP\Unified Functional Testing\bin\ielpview.dll [2014-07-07] (Hewlett-Packard Development Company, L.P.)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2015-07-10] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2015-07-10] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2015-07-10] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2015-07-10] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2012-10-01] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2015-07-10] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2015-07-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2015-07-10] (Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2015-07-10] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2015-07-10] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2015-07-10] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-11-24] (Microsoft Corporation)
Handler-x32: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - C:\Program Files (x86)\HP\Unified Functional Testing\bin\VFSProtocol.dll [2014-07-07] (Hewlett-Packard Development Company, L.P.)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [2012-09-12] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [2014-01-23] (Microsoft Corporation)
Filter-x32: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [2014-01-22] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ramya_000\AppData\Roaming\Mozilla\Firefox\Profiles\sw3c8eh4.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: www.google.com
FF Keyword.URL: 
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll [2014-08-27] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-1210309332-3358197912-3402527016-1002: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-18] (Apple Inc.)
FF SearchPlugin: C:\Users\ramya_000\AppData\Roaming\Mozilla\Firefox\Profiles\sw3c8eh4.default\searchplugins\McSiteAdvisor.xml [2015-09-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom.xml [2015-05-31]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bing.xml [2015-05-31]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml [2014-11-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay.xml [2014-11-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml [2015-05-31]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\twitter.xml [2015-05-31]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia.xml [2015-05-31]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015-05-31] [not signed]
FF HKLM\...\Firefox\Extensions: [{3784BB40-3FF7-446C-aF5A-8075B2D6B8DB}] - C:\Program Files\shopperz091220152315\Firefox\{3784BB40-3FF7-446C-aF5A-8075B2D6B8DB}.xpi => not found
FF HKLM\...\Firefox\Extensions: [{AFD33F08-1F10-437F-81DA-4F3FAB9EA32C}] - C:\Program Files\groover101220150155\Firefox\{AFD33F08-1F10-437F-81DA-4F3FAB9EA32C}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [{9F17B1A2-7317-49ef-BCB7-7BB47BDE10F8}] - C:\Program Files (x86)\HP\Unified Functional Testing\\bin\Mozilla\Common
FF Extension: Unified Functional Testing Extension - C:\Program Files (x86)\HP\Unified Functional Testing\\bin\Mozilla\Common [2014-10-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3784BB40-3FF7-446C-aF5A-8075B2D6B8DB}] - C:\Program Files\shopperz091220152315\Firefox\{3784BB40-3FF7-446C-aF5A-8075B2D6B8DB}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{AFD33F08-1F10-437F-81DA-4F3FAB9EA32C}] - C:\Program Files\groover101220150155\Firefox\{AFD33F08-1F10-437F-81DA-4F3FAB9EA32C}.xpi => not found
FF HKLM-x32\...\Mozilla Firefox 35.0.1\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKLM-x32\...\Mozilla Firefox 35.0.1\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\plugins [2015-12-09] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-09-02] [not signed]
FF HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Firefox\Extensions: [{9F17B1A2-7317-49ef-BCB7-7BB47BDE10F8}] - C:\Program Files (x86)\HP\Unified Functional Testing\Bin\Mozilla\Common
FF Extension: Unified Functional Testing Extension - C:\Program Files (x86)\HP\Unified Functional Testing\Bin\Mozilla\Common [2014-10-31] [not signed]
FF HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Mozilla Firefox 35.0.1\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Mozilla Firefox 35.0.1\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\channel-prefs.js [2013-05-11]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US105D20151206&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (NielsenOnline) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.8.1_0\chrometracker.dll => No File
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.324.433.1_0\plugin/ace.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Nielsen FirefoxTracker Plug-in) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\npfirefoxtracker.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll => No File
CHR Plugin: (Google Update) - C:\Users\ramya_000\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\ramya_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\ramya_000\AppData\Roaming\Mozilla\plugins\npo1d.dll => No File
CHR Plugin: (Zoom Launcher) - C:\Users\ramya_000\AppData\Roaming\Zoom\bin\npzoomplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Profile: C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (panda dumpling) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\caaclfkfmcnlppkambfehbfhlekhpenf [2014-07-31]
CHR Extension: (Google Search) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Always Clear Downloads) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbmgiffkljiglnpdbljhlenaikojapc [2014-10-09]
CHR Extension: (SiteAdvisor) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-10]
CHR Extension: (Google Docs Offline) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-03]
CHR Extension: (HP Unified Functional Testing Agent) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkpkaoeaicepkfjgeeopfcfpdgblbdc [2014-11-27] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Hangouts) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-07-10] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2015-08-01] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\ramya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jjkpkaoeaicepkfjgeeopfcfpdgblbdc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jpgalnioijgchfablfaknkbliianenml] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [221568 2015-12-09] (Dell Inc.)
R2 ginoquci; C:\Users\ramya_000\AppData\Local\Temp\nsn547B.tmp [222208 2015-12-09] () [File not signed]
R2 HP UFT Helper Service; C:\Program Files (x86)\HP\Unified Functional Testing\bin\HP.UFT.HelperService.exe [15544 2014-07-07] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-08-27] (LULU SOFTWARE LIMITED)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe [266240 2014-09-19] () [File not signed]
S3 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1655136 2014-08-27] (LULU SOFTWARE LIMITED)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 Uft4Winrt; C:\Program Files (x86)\HP\Unified Functional Testing\bin\UFT4WinRt.exe [15544 2014-07-07] (Hewlett-Packard Company)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mcpltsvc; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McProxy; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 Qavafo; "C:\Users\ramya_000\AppData\Roaming\WiipjeFozl\Lhbukdu.exe" -cms [X]
S2 Qhbaaa; "C:\Users\ramya_000\AppData\Roaming\IgucDyzrazv\Teepuqek.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-12-09] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dc3d; C:\Windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-01-17] (Wondershare)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-14 15:50 - 2015-12-14 15:51 - 00054694 _____ C:\Users\ramya_000\Desktop\FRST.txt
2015-12-14 15:42 - 2015-12-14 15:50 - 00000000 ____D C:\FRST
2015-12-14 15:42 - 2015-12-14 15:42 - 02369536 _____ (Farbar) C:\Users\ramya_000\Desktop\FRST64.exe
2015-12-14 15:22 - 2015-12-14 15:22 - 00016148 _____ C:\WINDOWS\system32\MITI_ramya_000_HistoryPrediction.bin
2015-12-13 23:20 - 2015-12-13 23:20 - 00001259 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2015-12-13 23:20 - 2015-12-13 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2015-12-13 23:20 - 2015-12-13 23:20 - 00000000 ____D C:\ProgramData\IObit
2015-12-13 23:20 - 2015-12-13 23:20 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-13 23:18 - 2015-12-13 23:19 - 02451912 _____ (IObit ) C:\Users\ramya_000\Desktop\unlocker-setup.exe
2015-12-13 22:45 - 2015-12-13 22:45 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Nero
2015-12-13 22:45 - 2015-12-13 22:45 - 00000000 ____D C:\Users\ramya_000\AppData\Local\Power2Go8
2015-12-13 22:28 - 2015-12-13 22:28 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-13 22:21 - 2015-12-13 22:21 - 00000000 ____D C:\WINDOWS\system32\wutu
2015-12-13 21:35 - 2015-12-13 21:35 - 00000000 ____D C:\WINDOWS\system32\uabe
2015-12-13 21:27 - 2015-12-13 21:27 - 00000000 ____D C:\WINDOWS\system32\jyx
2015-12-13 12:20 - 2015-12-13 12:20 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-12 12:35 - 2015-12-12 12:40 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-12 10:58 - 2015-12-13 22:39 - 01247700 _____ C:\WINDOWS\ntbtlog.txt
2015-12-12 10:57 - 2015-12-12 10:57 - 00000000 ____D C:\WINDOWS\system32\cac
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 ____D C:\WINDOWS\system32\idu
2015-12-12 10:46 - 2015-12-12 11:44 - 00001881 _____ C:\Users\ramya_000\Desktop\Remove Virus.txt
2015-12-12 10:12 - 2015-12-12 10:12 - 00000000 ____D C:\WINDOWS\system32\phub
2015-12-11 15:42 - 2015-12-11 15:42 - 00000000 ____D C:\WINDOWS\system32\cec
2015-12-10 19:02 - 2015-12-10 19:02 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-12-10 18:23 - 2015-12-10 18:23 - 00000000 ____D C:\WINDOWS\system32\pavm
2015-12-10 18:20 - 2015-12-10 18:20 - 01738240 _____ C:\Users\ramya_000\Desktop\adwcleaner_5.024.exe
2015-12-10 18:11 - 2015-12-10 18:11 - 00000000 ____D C:\WINDOWS\system32\men
2015-12-10 18:04 - 2015-12-12 10:11 - 00000000 ____D C:\AdwCleaner
2015-12-10 18:03 - 2015-12-10 18:03 - 01738240 _____ C:\Users\ramya_000\Downloads\adwcleaner_5.024.exe
2015-12-10 17:18 - 2015-12-10 17:18 - 00000000 ____D C:\Users\ramya_000\AppData\Local\CEF
2015-12-10 17:11 - 2015-12-14 12:02 - 00000017 _____ C:\WINDOWS\SysWOW64\history.dat
2015-12-10 16:59 - 2015-12-10 16:59 - 00000000 ____D C:\WINDOWS\system32\uod
2015-12-10 16:59 - 2015-12-10 16:59 - 00000000 ____D C:\WINDOWS\system32\ruf
2015-12-10 16:40 - 2015-12-10 16:40 - 00003528 _____ C:\WINDOWS\System32\Tasks\Nairoomurmsa
2015-12-09 21:19 - 2015-12-09 21:19 - 00185856 _____ C:\WINDOWS\rsrcs.dll
2015-12-09 21:03 - 2015-12-09 21:03 - 00004720 _____ C:\WINDOWS\SysWOW64\Gabiwod.ini
2015-12-09 21:03 - 2015-12-09 21:03 - 00002440 _____ C:\WINDOWS\SysWOW64\GabiwodOff.ini
2015-12-09 21:03 - 2015-12-09 21:03 - 00002440 _____ C:\WINDOWS\system32\GabiwodOff.ini
2015-12-09 21:03 - 2015-12-09 18:57 - 00375152 _____ C:\WINDOWS\system32\Gabiwod64.dll
2015-12-09 21:03 - 2015-12-09 18:57 - 00289136 _____ C:\WINDOWS\SysWOW64\Gabiwod.dll
2015-12-09 21:00 - 2015-12-09 21:00 - 00003400 _____ C:\WINDOWS\System32\Tasks\Hucbi
2015-12-09 20:58 - 2015-12-09 21:07 - 00000000 ____D C:\Program Files (x86)\Simple Media Player
2015-12-09 20:58 - 2015-12-09 20:58 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-12-09 20:58 - 2015-12-09 20:58 - 00004720 _____ C:\WINDOWS\SysWOW64\Elabdiptoi.ini
2015-12-09 20:58 - 2015-12-09 20:58 - 00003642 _____ C:\WINDOWS\System32\Tasks\GoogleUp
2015-12-09 20:58 - 2015-12-09 20:58 - 00003630 _____ C:\WINDOWS\System32\Tasks\import
2015-12-09 20:58 - 2015-12-09 20:58 - 00003624 _____ C:\WINDOWS\System32\Tasks\impo
2015-12-09 20:58 - 2015-12-09 20:58 - 00003536 _____ C:\WINDOWS\System32\Tasks\Googleuptodate
2015-12-09 20:58 - 2015-12-09 20:58 - 00003526 _____ C:\WINDOWS\System32\Tasks\MyDailyBackup
2015-12-09 20:58 - 2015-12-09 20:58 - 00003502 _____ C:\WINDOWS\System32\Tasks\win
2015-12-09 20:58 - 2015-12-09 20:58 - 00003402 _____ C:\WINDOWS\System32\Tasks\Beeyq
2015-12-09 20:58 - 2015-12-09 20:58 - 00002440 _____ C:\WINDOWS\SysWOW64\ElabdiptoiOff.ini
2015-12-09 20:58 - 2015-12-09 20:58 - 00002440 _____ C:\WINDOWS\system32\ElabdiptoiOff.ini
2015-12-09 20:58 - 2015-12-09 18:45 - 00375128 _____ C:\WINDOWS\system32\Elabdiptoi64.dll
2015-12-09 20:58 - 2015-12-09 18:45 - 00289112 _____ C:\WINDOWS\SysWOW64\Elabdiptoi.dll
2015-12-09 20:57 - 2015-12-09 20:57 - 00000000 ____D C:\Users\ramya_000\AppData\LocalLow\Company
2015-12-09 20:57 - 2015-12-09 20:57 - 00000000 ____D C:\uninst
2015-12-09 20:47 - 2015-12-02 17:53 - 00000858 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-09 19:08 - 2015-12-09 21:08 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2015-12-09 18:56 - 2015-12-09 18:56 - 00000000 ____D C:\Program Files\Common Files\VST2
2015-12-09 18:56 - 2015-12-09 18:56 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2015-12-09 18:55 - 2015-12-09 21:44 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-09 18:55 - 2015-12-09 21:44 - 00000000 ____D C:\Program Files\Image-Line
2015-12-09 18:55 - 2015-12-09 18:55 - 00002135 _____ C:\Users\ramya_000\Desktop\FL Studio 12 (64bit).lnk
2015-12-09 18:55 - 2015-12-09 18:55 - 00002119 _____ C:\Users\ramya_000\Desktop\FL Studio 12.lnk
2015-12-09 18:55 - 2015-12-09 18:55 - 00000000 ____D C:\Users\ramya_000\Documents\Image-Line
2015-12-09 18:55 - 2015-12-09 18:55 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Image-Line
2015-12-09 18:55 - 2015-12-09 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-09 18:51 - 2015-12-09 21:44 - 00000000 ____D C:\Program Files (x86)\Image-Line
2015-12-09 16:59 - 2015-12-09 20:53 - 00000000 ____D C:\Users\ramya_000\Downloads\FL Studio 12
2015-12-09 16:58 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 16:58 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 16:58 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 16:58 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 16:58 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 16:58 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 16:58 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 16:58 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 16:58 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 16:58 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 16:58 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 16:58 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 16:58 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 16:58 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 16:58 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 16:58 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 16:58 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 16:58 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 16:58 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 16:58 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 16:58 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 16:58 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 16:58 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 16:58 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 16:58 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 16:58 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 16:58 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 16:58 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 16:57 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 16:57 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 16:57 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 16:57 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 16:57 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 16:57 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 16:57 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 16:57 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 16:57 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 16:57 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 16:57 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 16:57 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 16:57 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 16:57 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 16:57 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 16:57 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 16:57 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 16:57 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 16:57 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 16:57 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 16:57 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 16:57 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 16:57 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 16:57 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 16:57 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 16:57 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 16:57 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 16:57 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 16:57 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 16:57 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 16:57 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 16:57 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 16:57 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 16:57 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 16:57 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 16:57 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 16:57 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 16:57 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 16:57 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 16:57 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 16:57 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 16:57 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 16:57 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 16:57 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 16:57 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 16:57 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 16:57 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 16:57 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 16:57 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 16:57 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 23:07 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 23:07 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-03 21:34 - 2015-12-03 21:40 - 00000879 _____ C:\Users\ramya_000\.lmmsrc.xml
2015-12-03 21:34 - 2015-12-03 21:34 - 00000000 ____D C:\Users\ramya_000\lmms
2015-12-02 17:53 - 2015-12-02 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-12-02 17:52 - 2015-12-02 17:52 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-19 07:42 - 2015-11-19 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-14 18:06 - 2015-11-14 18:06 - 00004122 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-14 18:06 - 2015-11-14 18:06 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-11-14 18:06 - 2015-11-14 18:06 - 00003294 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-11-14 18:06 - 2015-11-14 18:06 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Dell
2015-11-14 18:06 - 2015-11-14 18:06 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-14 18:06 - 2015-11-14 18:06 - 00000000 ____D C:\Program Files\Dell Support Center
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-14 15:42 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-14 15:40 - 2013-08-12 13:24 - 00000290 _____ C:\WINDOWS\Tasks\TopArcadeHits.job
2015-12-14 15:17 - 2015-11-07 19:12 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1210309332-3358197912-3402527016-1002UA.job
2015-12-14 15:13 - 2015-08-04 22:48 - 00000000 __SHD C:\Users\ramya_000\IntelGraphicsProfiles
2015-12-14 15:13 - 2015-08-04 22:39 - 00002417 _____ C:\Users\ramya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-14 15:13 - 2013-11-29 09:39 - 00000000 __RDO C:\Users\ramya_000\SkyDrive
2015-12-14 15:13 - 2013-04-02 11:22 - 00000000 ____D C:\Users\ramya_000\AppData\Local\Google
2015-12-14 14:54 - 2013-06-24 10:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-14 12:53 - 2015-08-08 17:53 - 00000424 _____ C:\WINDOWS\Tasks\DataWiper.job
2015-12-14 11:56 - 2015-08-04 22:12 - 00832082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-14 11:56 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-14 11:52 - 2015-08-08 16:43 - 00000091 _____ C:\HaxLogs.txt
2015-12-14 11:51 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-14 11:51 - 2015-07-10 07:20 - 05104760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 11:50 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-14 11:49 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-14 11:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-14 11:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-14 11:41 - 2014-12-13 11:56 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Seagate
2015-12-14 11:41 - 2014-12-13 11:56 - 00000000 ____D C:\ProgramData\Seagate
2015-12-14 11:41 - 2013-03-25 10:25 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Mozilla
2015-12-14 11:40 - 2014-03-31 08:32 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Zoom
2015-12-14 11:21 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-14 09:37 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-14 09:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-14 09:17 - 2014-08-17 08:57 - 00000000 ____D C:\Users\ramya_000\AppData\Local\Adobe
2015-12-13 14:15 - 2013-03-25 10:24 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\vlc
2015-12-13 14:12 - 2013-10-30 19:09 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A675A90B-D96E-434A-91F6-A6FEE3E5A993}
2015-12-13 12:20 - 2013-11-25 11:02 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Dropbox
2015-12-12 12:53 - 2015-08-05 01:41 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-12 10:27 - 2013-03-24 15:56 - 00000000 ____D C:\Users\ramya_000\AppData\Local\Packages
2015-12-12 10:14 - 2012-11-11 21:27 - 00000000 ____D C:\ProgramData\McAfee
2015-12-12 10:14 - 2012-11-11 21:27 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-11 16:09 - 2014-01-21 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2015-12-11 16:09 - 2014-01-21 13:13 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2015-12-11 16:07 - 2015-11-12 22:11 - 00000000 ____D C:\Users\ramya_000\Documents\Audible
2015-12-11 16:06 - 2012-11-11 21:27 - 00000000 ____D C:\Program Files\mcafee
2015-12-10 19:17 - 2015-11-07 19:12 - 00000892 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1210309332-3358197912-3402527016-1002Core.job
2015-12-10 19:02 - 2012-11-11 21:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-10 18:25 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-10 17:54 - 2013-06-09 14:27 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-10 16:30 - 2013-03-24 15:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-09 21:48 - 2013-03-25 10:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-09 21:47 - 2013-03-25 10:23 - 00000000 ____D C:\Program Files (x86)\Graboid
2015-12-09 21:44 - 2015-04-14 21:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-09 18:21 - 2014-01-21 00:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-09 18:21 - 2014-01-20 22:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 18:20 - 2012-07-26 00:26 - 00000199 _____ C:\WINDOWS\win.ini
2015-12-09 18:16 - 2013-08-08 09:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 17:16 - 2013-03-25 16:57 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-05 10:29 - 2014-07-03 16:31 - 00000388 _____ C:\Users\ramya_000\Documents\YT_general.txt
2015-12-03 21:34 - 2015-08-04 21:48 - 00000000 ____D C:\Users\ramya_000
2015-12-03 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-02 17:53 - 2014-01-17 08:49 - 00001981 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-30 19:32 - 2015-10-04 14:13 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 19:32 - 2015-10-04 14:13 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-19 08:41 - 2013-09-04 10:34 - 00000000 ____D C:\Users\ramya_000\AppData\Roaming\Skype
2015-11-19 07:42 - 2014-03-31 09:45 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-19 07:42 - 2013-09-04 10:33 - 00000000 ____D C:\ProgramData\Skype
2015-11-15 21:40 - 2015-11-12 22:20 - 00000000 ____D C:\Users\ramya_000\AppData\Local\Audible
2015-11-14 20:16 - 2015-11-12 22:13 - 00000000 ____D C:\Users\ramya_000\Documents\Audible books
 
==================== Files in the root of some directories =======
 
2014-11-13 15:55 - 2014-11-13 15:55 - 0002170 _____ () C:\Program Files\Vinstall.log
2014-04-29 13:41 - 2014-04-29 13:52 - 0000132 _____ () C:\Users\ramya_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-06-05 19:46 - 2015-09-16 16:40 - 0008164 _____ () C:\Users\ramya_000\AppData\Roaming\MITI.MTBF.txt
2014-06-05 19:46 - 2015-09-16 20:51 - 0000938 _____ () C:\Users\ramya_000\AppData\Roaming\__AvidCloudManager.log
2014-06-05 19:46 - 2015-09-16 19:45 - 0000674 _____ () C:\Users\ramya_000\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-11-12 17:11 - 2014-11-12 17:11 - 181974983 _____ () C:\Users\ramya_000\AppData\Local\ACCCx2_8_1_451.zip.aamdownload
2014-11-12 17:11 - 2014-11-12 17:11 - 0002174 _____ () C:\Users\ramya_000\AppData\Local\ACCCx2_8_1_451.zip.aamdownload.aamd
2013-05-02 16:46 - 2014-09-05 19:52 - 0016384 _____ () C:\Users\ramya_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-27 12:04 - 2013-11-27 12:04 - 0000032 RSHOT () C:\Users\ramya_000\AppData\Local\t65s2tb.dat
2013-12-28 14:22 - 2013-12-28 14:22 - 0000032 RSHOT () C:\Users\ramya_000\AppData\Local\t70rc.dat
2013-09-03 12:21 - 2013-09-03 12:21 - 0001534 _____ () C:\ProgramData\ss.ini
2012-11-11 21:27 - 2012-11-11 21:27 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-11 21:24 - 2012-11-11 21:24 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-11 21:24 - 2012-11-11 21:25 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-11 21:23 - 2012-11-11 21:23 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-11 21:25 - 2012-11-11 21:26 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some files in TEMP:
====================
C:\Users\ramya_000\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 06:00] - [2015-07-10 06:00] - 0680256 ____A (Microsoft Corporation) 55B0338381670FF5D0ADC115070B5F28
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 06:00] - [2015-07-10 06:00] - 0534064 ____A (Microsoft Corporation) BA0B16AD9F3E4A2A60A007231BB7D52D
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-06 12:02
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-12-2015
Ran by ramya_000 (2015-12-14 15:51:37)
Running from C:\Users\ramya_000\Desktop
Windows 10 Home (X64) (2015-08-05 03:31:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1210309332-3358197912-3402527016-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1210309332-3358197912-3402527016-503 - Limited - Disabled)
Guest (S-1-5-21-1210309332-3358197912-3402527016-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1210309332-3358197912-3402527016-1004 - Limited - Enabled)
ramya_000 (S-1-5-21-1210309332-3358197912-3402527016-1002 - Administrator - Enabled) => C:\Users\ramya_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Awesomium.NET Redistribution Module (x32 Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.1.4 - ELAN Microelectronic Corp.)
Dell Update (HKLM-x32\...\{4D3BE820-0FC3-40E7-9252-A94FEA4592CA}) (Version: 1.7.1034.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
gorillaprice (HKLM-x32\...\gorillaprice) (Version:  - )
HP Unified Functional Testing (HKLM\...\{F4562C53-DCB0-4DBF-8A17-7EBF2E5F2DF7}) (Version: 12.01.1112.1 - HP)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
join.me (HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Picasa Web Albums Live Publisher (HKLM-x32\...\{5B7F33B3-C72C-4408-8AF9-B855775F51DB}) (Version: 2.4.0 - PicasaWebPublisher)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.121 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.00.0000 - ETS)
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{5813f11a-0c26-4d32-880a-463abb90a6a6}) (Version: 12.3.2.2909 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.3.2 - TechSmith Corporation) Hidden
Soda PDF 6 (HKLM-x32\...\Soda6) (Version: 1.0.18.17237 - LULU Software Limited)
Soda PDF 6 View Module (x32 Version: 6.4.8.18629 - LULU Software Limited) Hidden
Transition Pack 1 Demo (HKLM\...\Transition Pack 1 Demo) (Version: 3.1.4 - FilmImpact.net)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{59BEEE71-1A39-11E3-8E5C-F04DA23A5C58}) (Version: 12.0.714 - Sony)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ramya_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Restore Points =========================
 
14-12-2015 09:38:35 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-12-02 17:53 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03344531-A01D-41A7-9B9A-9D428039F91B} - System32\Tasks\Nairoomurmsa => C:\ProgramData\Nairoomurmsa\1.0.6.1\olacirew.exe
Task: {067BDFBA-FFA6-45C2-A79B-C8C4489C87E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {0BE25672-7F5E-42ED-9F36-EFB1C09DFD96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0C73EC16-F732-46F3-ABFB-2AB3329AC6FD} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {0E7419C6-A39C-4C3B-978D-44F8B87EF6B3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1871F92B-B741-4F43-9447-300AB2E0B08B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1210309332-3358197912-3402527016-1002Core => C:\Users\ramya_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-07] (Dropbox, Inc.)
Task: {1CD7DC51-D7EB-4FB5-9B6F-CA0B8352500C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {1DFE88F9-CCFE-46EC-9EBC-076939E3F94C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {2096F0CB-FFBA-4F77-A85D-00ADFD15D739} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {26698577-B0B2-4835-8C9A-A81D5605E9CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {274DB5C4-4E4E-4319-95F8-4EBB0108B269} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3884CD7A-4F1C-456C-9579-86AFDD57033B} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {3F7C3892-4536-4E97-8B2C-6432EE8C5BAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {4341357F-3960-4CEB-8895-2397ACE3687D} - System32\Tasks\Beeyq => C:\PROGRA~1\SHOPPE~1\Inibcu.bat
Task: {488742FF-18D1-47DF-B035-4339D812C81E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1210309332-3358197912-3402527016-1002UA => C:\Users\ramya_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-07] (Dropbox, Inc.)
Task: {4DBE7266-677B-4E06-BA54-B43D71CB38DB} - System32\Tasks\{F4B7EAC0-C5F4-4EC0-8526-2390850FDEC9} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {4E32E964-430A-4E7E-91EF-E5E21D134892} - System32\Tasks\Hucbi => C:\PROGRA~1\GROOVE~1\Ubewo.bat
Task: {4FC3FB8F-7D9E-4B75-935A-D168CB4B2B78} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {514D2C0B-A666-4F55-B38C-B86D1D159F9E} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {51541C0A-497C-4D83-B836-5CDF464BC33D} - System32\Tasks\TopArcadeHits => C:\Users\ramya_000\AppData\Local\TopArcadeHits\updater.exe
Task: {57AB79CC-19E3-4EFB-8601-9DDE747EF14B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {688422FE-41EF-406F-9226-FBA1ABE7E8D3} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {69338FEA-F81D-40D9-AFB8-5DDC8CAB3C16} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {6DD78B84-6B13-464F-A714-646FA0E09815} - System32\Tasks\{7C5E8807-35CA-4750-9D6D-04B584691151} => pcalua.exe -a C:\Users\ramya_000\Downloads\karinor21rt.exe -d C:\Users\ramya_000\Downloads
Task: {789FA9ED-ED84-40FA-9470-312D28DF2340} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {81948D54-56E4-4C4A-92B1-7E8A02845D83} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {83952B6B-98A7-4343-ABE5-00F9D9869546} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {8E2CA03C-10D9-4A5F-B5DE-92F0E4573C8D} - System32\Tasks\DataWiper => c:\programdata\{8f2499ef-9b77-41a0-8f24-499ef9b767be}\samsung_usb_driver_for_mobile_phones_v1.5.33.0.exe <==== ATTENTION
Task: {90CB3C13-2C2F-4475-8B8E-BA4C290A9FE9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {93EDE9E8-9039-434B-B533-DBF015A7B4AA} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {A05A5E63-80CA-42BE-9354-7143A8839AC5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A7887504-6CDE-4E21-9B4F-D6F98E137E3F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {AA41E4A5-DF48-41F3-9130-0E6964E7F7BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AA8ED5F0-1CA4-49AC-BC63-4B85C46F8360} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {B2124124-F628-4AC5-B37C-701611C73FDD} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {B2CC6303-BCC2-4EC1-BB20-99F81701CFD6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B574BF7D-ACA9-4C10-9D37-D58ECD90C1EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C9E32032-3A3C-4B47-8D64-5098D13E9C4F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {CA62C5AA-3144-4402-B3B2-8E1CC9E51CE7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D9B12BC4-DD88-41B1-BE91-9354D7B652EB} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {DAB52155-10F6-41F8-AC20-6E9D15F6FEA0} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DataWiper.job => c:\programdata\{8f2499ef-9b77-41a0-8f24-499ef9b767be}\samsung_usb_driver_for_mobile_phones_v1.5.33.0.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1210309332-3358197912-3402527016-1002Core.job => C:\Users\ramya_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1210309332-3358197912-3402527016-1002UA.job => C:\Users\ramya_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\TopArcadeHits.job => C:\Users\ramya_000\AppData\Local\TopArcadeHits\updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\ramya_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epc&s=FCAzftpbl2,c7fab034-7633-4465-ad87-2520a94809c0," <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-05 17:07 - 2015-07-14 21:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2013-05-15 13:48 - 2012-10-04 18:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-08-18 16:28 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-09 22:00 - 2015-12-09 22:00 - 00222208 _____ () C:\Users\ramya_000\AppData\Local\Temp\nsn547B.tmp
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-11 21:25 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-09-19 13:21 - 2014-09-19 13:21 - 00266240 _____ () C:\Program Files\sarconsogulpe\sarconsogulpe.exe
2015-09-30 18:12 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 18:12 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-30 18:12 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 16:58 - 2015-11-24 23:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 16:57 - 2015-11-24 23:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 16:57 - 2015-11-24 23:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 18:12 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-09 17:00 - 2015-12-09 17:01 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-09 17:00 - 2015-12-09 17:01 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-12-02 18:10 - 2015-12-02 18:10 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-03 03:56 - 2015-12-03 03:56 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\65607c70ae367cc924192920dc5ed071\PSIClient.ni.dll
2012-11-11 21:19 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-11 21:24 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-11 16:18 - 2015-03-11 16:18 - 00050688 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll
2015-03-11 16:18 - 2015-03-11 16:18 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2015-03-11 16:18 - 2015-03-11 16:18 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2015-05-31 12:53 - 2015-05-31 12:53 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:4B7BEAFF
AlternateDataStreams: C:\ProgramData\Temp:96D0C06F
AlternateDataStreams: C:\Users\ramya_000\Cookies:1NL6Q18Ri8XTbsBEaqe2TCRlXkV7
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ramya_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\kuttyjoey.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Sound+"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "NielsenOnline"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "popup"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DAEF4915F68B97DB6793E91E064628FB"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\StartupApproved\Run: => "Birds"
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{48D04287-2872-4DDD-AA26-747D2C123054}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{54372ED7-29C5-417B-B02D-F4537FE02686}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{200FF081-68A6-4B8D-B2F2-46C6836D2F92}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{FE018E34-2BCF-4454-AE88-9C8E271F4073}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{C5D97CEE-2F53-4010-998B-BDF80521E752}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5856B928-522C-43A9-98F1-860FBECF9FA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31B066A8-A187-4975-8606-82BEAD98445B}] => (Allow) LPort=8298
FirewallRules: [{8ED934A4-084C-458E-926A-B889C5B503F6}] => (Allow) LPort=8888
FirewallRules: [{4FA9D4FE-BA8F-43F4-8A61-6712EBEB615C}] => (Allow) LPort=8888
FirewallRules: [{B4ECF2C7-6506-4D0B-B13F-1E96B5ED9ACC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CB3F9924-A53D-4A7B-AC60-3A6B50C2A2D1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DC59E32F-1DFE-4029-8AF9-6CB9E42429ED}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C99B31E4-23FF-4667-8FEB-81D723005BFE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6EA80178-B0AB-4471-B48C-8AE30C59F865}] => (Allow) C:\Windows\SysWOW64\dllhost.exe
FirewallRules: [{C35B5E4C-9985-4F29-B37E-9AF0B278C66D}] => (Allow) C:\Windows\SysWOW64\dllhost.exe
FirewallRules: [{F278492F-2A89-4976-8863-DB39A9BDC3E4}] => (Allow) C:\Program Files (x86)\HP\Unified Functional Testing\bin\AQTRmtAgent.exe
FirewallRules: [{35C3A7D1-CC37-462F-8C34-AECE7F0DB2C7}] => (Allow) C:\Program Files (x86)\HP\Unified Functional Testing\bin\AQTRmtAgent.exe
FirewallRules: [{CE50015A-2D1D-44C7-8F56-C733DDDF3C6A}] => (Allow) LPort=135
FirewallRules: [{739903AE-72A5-4856-AADF-B6CE101610D9}] => (Allow) C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{01451279-7C6A-441D-B104-D940E356CD67}] => (Allow) C:\Users\ramya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A2339812-FE01-49A4-8D43-5639EAEFB081}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{AD7F13C9-C0A7-4B4F-9520-83F11C714E17}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{27E4AE1C-E223-46BC-AEB9-E9586BF6252F}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{9889B4ED-AF93-4F2E-8A46-8EEC2E08870A}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{851948C0-4711-404B-897C-B7550E0E5137}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{09EBE334-DC62-4807-ABD0-E6C5C9E07600}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{3026A4BC-5363-4614-A958-D0FD3E8882DE}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{FC0AD4F9-198A-401D-8A14-BB23A6534C6C}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{E7CB7005-9721-4F8F-8E97-764C2FAA4ED2}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{221BB894-4FDE-4E32-B0F9-0646F14B4017}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{7472A744-B0F5-4834-BF55-F1F6157FCD48}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{9A472EEA-A8D1-4ED6-AF9A-641D73F777FB}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{488A7B0A-6BDD-49C8-9697-53F5DD01E4F0}] => (Allow) C:\Users\ramya_000\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{8C444DE8-C4FF-4222-84AC-230C29AA9708}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{31AAE272-09FD-4B12-B825-0BC7D5220094}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{0F03B71B-B5B8-45CB-A8B8-DAFA64D3D10E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{E4EBF582-13FA-4630-B016-6B309D71A03C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{48C00A2E-FA24-4398-8936-F2F230131506}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{D1FBCCF8-AE80-41C2-9CBA-45FCE8310450}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{EF2E8133-4422-4AAB-8B0C-A2A9B6D71876}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{86A4CC96-38AD-467D-9558-394D0BA8A842}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{57815B81-E6EA-4BBA-AF3A-2D296A5BB64E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{AC1C9BED-226A-43E8-B1BD-BDDE1CE0CA82}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{E761DC75-FEF6-44D7-BBB2-B9526E0BFC3C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{3719D3F2-2840-41F8-B17D-EBDDF42F2D78}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{F8DC620D-CDDB-46A6-A959-EF398D52A5B3}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{A5FDE60A-8E98-4450-91AB-1DCE965AAE8C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{963B9718-6F9F-4C78-85B0-1E03FA7E2E2C}] => (Allow) C:\Users\rumzie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{627687BF-0A0F-40FB-A039-A2A5D0AF2084}] => (Allow) C:\Users\rumzie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FBF782A2-A4E1-4F0F-BB58-106129C2E13B}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{C4023A81-5A89-4DBD-A601-3BF6E3279E37}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{6BFCEF30-0906-4D44-8DA4-792521A4CCAE}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{808A6986-C4AE-4133-B517-E3529679028D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{1DDC9023-3531-4424-A2DB-6A1198B73528}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C848E7A9-5D23-4656-BB11-9B957F8E28C6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{79092531-44DC-480B-A281-6DEEAE9E5792}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{37F1780D-E06C-45A3-9194-ADA7C00C4FDF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AC14739B-DB5D-4E6B-A565-0F4684B20B39}] => (Allow) C:\Users\ramya_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAAB8BA0-6B51-472C-A27C-68C3DB26C56D}] => (Allow) C:\Users\ramya_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9EDF58DD-CD80-41F8-99F5-77BEF4D2DB37}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{096C198D-4E07-4ED1-A5A5-C739F3D38CE6}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{6E8B9E00-A418-458F-8AF1-A23348C6E3CC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{857BAC47-5542-4200-A161-DDD53B06F109}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1B59137-40B8-4319-B650-5F3DAB6102DA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{63EE22BA-7A88-407B-86C1-268AF9042A10}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{14A15E76-9A52-4E47-BAE7-281220F62B35}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{85D00302-C749-4D1E-B34F-6F24406D536A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EB1CA1C1-5130-4E52-8A97-2E3565EDBEF8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{44FD2830-9D3B-448D-A3FF-B8FC69DF9B49}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CACED799-84D3-406C-87AE-3C98E8B23C75}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7FFB465A-CE59-412B-BCA9-4F2851E1CC3E}] => (Allow) LPort=2869
FirewallRules: [{1EC7A4C9-D474-4AB2-99BF-72ADC11A1E2F}] => (Allow) LPort=1900
FirewallRules: [{71441360-31EF-4CF2-9C00-35638ECAF9E8}] => (Allow) C:\Users\ramya_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2EF66BC1-B3B8-4C10-A707-430DD0C2F67C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{00AABC69-00E1-4F7B-B4B3-7B348460AD2A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3AA115EC-80D7-42BB-A073-16F95A76F7F7}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9DBFB5A0-37E0-435A-855C-A2E0EA247CDB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1C332CE7-3C9E-4196-91CD-6690C7C10B52}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D579C33B-39A3-4BB2-AD11-2ECB8231F8B7}] => (Allow) 㩃啜敳獲牜浡慹た〰䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{0247949E-8B8E-4669-B16F-0BE34F8D3D6B}] => (Allow) 㩃啜敳獲牜浡慹た〰䅜灰慄慴剜慯業杮獜湳畜摰獳⹮硥e
FirewallRules: [{D907CD48-BC42-4203-B23F-38B8A56DA479}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{D86ACB9F-3BD8-4A5D-AA3E-C77F8EF78868}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/14/2015 03:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10240.16384, time stamp: 0x559f3a8d
Faulting module name: CX64AP71.dll, version: 4.80.70.0, time stamp: 0x501ae8c8
Exception code: 0xc0000005
Fault offset: 0x00000000000ff9f9
Faulting process id: 0x1a8c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/14/2015 03:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10240.16384, time stamp: 0x559f3a8d
Faulting module name: CX64AP71.dll, version: 4.80.70.0, time stamp: 0x501ae8c8
Exception code: 0xc0000005
Fault offset: 0x00000000000ff9f9
Faulting process id: 0x1a1c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/14/2015 03:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10240.16384, time stamp: 0x559f3a8d
Faulting module name: CX64AP71.dll, version: 4.80.70.0, time stamp: 0x501ae8c8
Exception code: 0xc0000005
Fault offset: 0x00000000000ff9f9
Faulting process id: 0x19a8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/14/2015 03:13:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10240.16384, time stamp: 0x559f3a8d
Faulting module name: CX64AP71.dll, version: 4.80.70.0, time stamp: 0x501ae8c8
Exception code: 0xc0000005
Fault offset: 0x00000000000ff9f9
Faulting process id: 0x1830
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/14/2015 11:41:24 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8
 
Error: (12/14/2015 11:37:28 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/14/2015 11:37:28 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6268) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/14/2015 11:37:17 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/14/2015 11:37:17 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6268) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/14/2015 11:37:07 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (12/14/2015 03:19:19 PM) (Source: DCOM) (EventID: 10005) (User: MITI)
Description: 2mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (12/14/2015 03:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%2
 
Error: (12/14/2015 03:19:19 PM) (Source: DCOM) (EventID: 10005) (User: MITI)
Description: 2mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (12/14/2015 03:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%2
 
Error: (12/14/2015 03:19:19 PM) (Source: DCOM) (EventID: 10010) (User: MITI)
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
 
Error: (12/14/2015 03:17:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error: 
%%2
 
Error: (12/14/2015 03:17:19 PM) (Source: DCOM) (EventID: 10010) (User: MITI)
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
 
Error: (12/14/2015 03:15:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error: 
%%2
 
Error: (12/14/2015 03:15:19 PM) (Source: DCOM) (EventID: 10005) (User: MITI)
Description: 2mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (12/14/2015 03:15:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2015-12-09 21:03:43.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8061.27 MB
Available physical RAM: 5050.47 MB
Total Virtual: 16253.27 MB
Available Virtual: 13165.9 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.67 GB) (Free:626.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 90D712A6)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, this is a long fix but you should notice a marked improvement when finished

Re-install Chrome

Chrome has been compromised. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign in to your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

 

CreateRestorePoint:
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Run: [ssn] => C:\Users\ramya_000\AppData\Roaming\ssn\updssn.exe
HKU\S-1-5-21-1210309332-3358197912-3402527016-1002\...\Run: [Birds] => C:\Users\ramya_000\AppData\Local\Birds\birds365.exe
R2 ginoquci; C:\Users\ramya_000\AppData\Local\Temp\nsn547B.tmp [222208 2015-12-09] () [File not signed]
R2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe [266240 2014-09-19] () [File not signed]
S2 Qavafo; "C:\Users\ramya_000\AppData\Roaming\WiipjeFozl\Lhbukdu.exe" -cms [X]
S2 Qhbaaa; "C:\Users\ramya_000\AppData\Roaming\IgucDyzrazv\Teepuqek.exe" -cms [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-12-09] ()
2015-12-13 22:21 - 2015-12-13 22:21 - 00000000 ____D C:\WINDOWS\system32\wutu
2015-12-13 21:35 - 2015-12-13 21:35 - 00000000 ____D C:\WINDOWS\system32\uabe
2015-12-13 21:27 - 2015-12-13 21:27 - 00000000 ____D C:\WINDOWS\system32\jyx
2015-12-10 16:40 - 2015-12-10 16:40 - 00003528 _____ C:\WINDOWS\System32\Tasks\Nairoomurmsa
2015-12-09 21:00 - 2015-12-09 21:00 - 00003400 _____ C:\WINDOWS\System32\Tasks\Hucbi
2015-12-09 20:58 - 2015-12-09 20:58 - 00003502 _____ C:\WINDOWS\System32\Tasks\win
2015-12-09 20:58 - 2015-12-09 20:58 - 00003402 _____ C:\WINDOWS\System32\Tasks\Beeyq
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1210309332-3358197912-3402527016-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\ramya_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {03344531-A01D-41A7-9B9A-9D428039F91B} - System32\Tasks\Nairoomurmsa => C:\ProgramData\Nairoomurmsa\1.0.6.1\olacirew.exe
Task: {0BE25672-7F5E-42ED-9F36-EFB1C09DFD96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0C73EC16-F732-46F3-ABFB-2AB3329AC6FD} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {0E7419C6-A39C-4C3B-978D-44F8B87EF6B3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4341357F-3960-4CEB-8895-2397ACE3687D} - System32\Tasks\Beeyq => C:\PROGRA~1\SHOPPE~1\Inibcu.bat
Task: {4E32E964-430A-4E7E-91EF-E5E21D134892} - System32\Tasks\Hucbi => C:\PROGRA~1\GROOVE~1\Ubewo.bat
Task: {4FC3FB8F-7D9E-4B75-935A-D168CB4B2B78} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {688422FE-41EF-406F-9226-FBA1ABE7E8D3} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {6DD78B84-6B13-464F-A714-646FA0E09815} - System32\Tasks\{7C5E8807-35CA-4750-9D6D-04B584691151} => pcalua.exe -a C:\Users\ramya_000\Downloads\karinor21rt.exe -d C:\Users\ramya_000\Downloads
Task: {789FA9ED-ED84-40FA-9470-312D28DF2340} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {90CB3C13-2C2F-4475-8B8E-BA4C290A9FE9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B2124124-F628-4AC5-B37C-701611C73FDD} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {B574BF7D-ACA9-4C10-9D37-D58ECD90C1EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DAB52155-10F6-41F8-AC20-6E9D15F6FEA0} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
AlternateDataStreams: C:\Users\ramya_000\Cookies:1NL6Q18Ri8XTbsBEaqe2TCRlXkV7
C:\Program Files\sarconsogulpe
C:\Users\ramya_000\AppData\Roaming\ssn
C:\Users\ramya_000\AppData\Local\Birds
C:\Users\ramya_000\AppData\Roaming\WiipjeFozl
C:\Users\ramya_000\AppData\Roaming\IgucDyzrazv
C:\WINDOWS\system32\drivers\bsdriver.sys
C:\ProgramData\Nairoomurmsa
C:\Windows\system32\bs1.exe
C:\PROGRA~1\SHOPPE~1
C:\PROGRA~1\GROOVE~1
C:\Windows\system32\winupd.exe
C:\Windows\system32\hsysinfo.exe
C:\Windows\system32\Wimboldon.exe
C:\Users\ramya_000\AppData\Local\Temp\nsn547B.tmp
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

NEXT

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download aswMBR.exe (4.5 MB) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that
When it offers to download the virus database, allow that as well
Click the "Scan" button to start the scan



On completion of the scan click save log, save it to your desktop and post in your next reply
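Added example (not part of the original posts, and not FRST's own logic): a small triage script that parses FRST service/driver and scheduled-task lines in the format quoted in the fixlist above and lists the properties that make an entry worth a closer look. The sample lines are copied from this thread; the heuristics and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample: lines copied from the fixlist quoted in this thread.
SAMPLE = r"""
R2 ginoquci; C:\Users\ramya_000\AppData\Local\Temp\nsn547B.tmp [222208 2015-12-09] () [File not signed]
R2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe [266240 2014-09-19] () [File not signed]
S2 Qavafo; "C:\Users\ramya_000\AppData\Roaming\WiipjeFozl\Lhbukdu.exe" -cms [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-12-09] ()
Task: {4341357F-3960-4CEB-8895-2397ACE3687D} - System32\Tasks\Beeyq => C:\PROGRA~1\SHOPPE~1\Inibcu.bat
Task: {B574BF7D-ACA9-4C10-9D37-D58ECD90C1EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
"""

# Service/driver line: state letter + start-type digit, name, then path and details.
SERVICE = re.compile(r'^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<detail>.+)$')
# Task line: GUID, task name, then "=>" or "->" and the target.
TASK = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) (?:=>|->) (?P<detail>.+)$')
USER_WRITABLE = re.compile(r'\\(AppData|Temp)\\', re.I)

# Triage heuristics are assumptions for illustration, not FRST's own logic.
CHECKS = {
    'service': [('path in AppData/Temp', USER_WRITABLE.search),
                ('unsigned', lambda s: '[File not signed]' in s),
                ('file missing', lambda s: s.endswith('[X]')),
                ('empty company field', re.compile(r'\] \(\)').search)],
    'task': [('file missing', lambda s: 'No File' in s),
             ('runs batch file', re.compile(r'\.bat\b', re.I).search),
             ('path in AppData/Temp', USER_WRITABLE.search)],
}

def triage(line):
    """Return (kind, name, reasons) for one FRST line, or None for other lines."""
    line = line.strip()
    for kind, pattern in (('service', SERVICE), ('task', TASK)):
        m = pattern.match(line)
        if m:
            reasons = [label for label, test in CHECKS[kind] if test(m['detail'])]
            return kind, m['name'].strip(), reasons
    return None

def report(text=SAMPLE):
    """Map entry name -> reasons, keeping only entries with at least one reason."""
    parsed = filter(None, map(triage, text.splitlines()))
    return {name: why for _, name, why in parsed if why}

if __name__ == '__main__':
    for name, why in report().items():
        print(f'{name}: {", ".join(why)}')
```

A flagged entry is only a prompt for review; legitimate software can also be unsigned or lack a company name, so the output does not replace a helper's reading of the full log.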

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

